Esempio n. 1
        /// <summary>
        /// Checks the source positions reported for a comment pattern that looks for
        /// credential-like text ("password" or "pwd" followed by "=", "is" or ":",
        /// case-insensitively) inside PHP comments: a "#" line comment, a one-line block
        /// comment, and a block comment where the keyword and the "=" are on different lines.
        /// </summary>
        public void Match_Comments_CorrectMatchingPosition()
        {
            var phpSource =
                "<?php\n"
                + "#password=secret\n"
                + "/*password=secret*/\n"
                + "/*\n"
                + "\n"
                + "    password\n"
                + "              =secret\n"
                + "*/"
                + "?>";
            var commentPattern = "Comment: <[ \"(?i)(password|pwd)\\s*(\\=|is|\\:)\" ]>";

            var matches = PatternMatchingUtils.GetMatchings(phpSource, commentPattern, Language.Php);

            // NOTE(review): the expected values appear to be 1-based lines and columns with
            // the end column one past the last matched character; confirm against the DTO.

            // "#password=secret" on line 2.
            var inLineComment = matches[0];
            Assert.AreEqual(2, inLineComment.BeginLine);
            Assert.AreEqual(2, inLineComment.BeginColumn);
            Assert.AreEqual(2, inLineComment.EndLine);
            Assert.AreEqual(11, inLineComment.EndColumn);

            // "/*password=secret*/" on line 3.
            var inBlockComment = matches[1];
            Assert.AreEqual(3, inBlockComment.BeginLine);
            Assert.AreEqual(3, inBlockComment.BeginColumn);
            Assert.AreEqual(3, inBlockComment.EndLine);
            Assert.AreEqual(12, inBlockComment.EndColumn);

            // Keyword on line 6, "=" on line 7: the \s* in the pattern has to span the line
            // break, so a secret split across lines inside a comment is still reported.
            var acrossLines = matches[2];
            Assert.AreEqual(6, acrossLines.BeginLine);
            Assert.AreEqual(5, acrossLines.BeginColumn);
            Assert.AreEqual(7, acrossLines.EndLine);
            Assert.AreEqual(16, acrossLines.EndColumn);
        }
Esempio n. 2
        /// <summary>
        /// Loads the PHP test file and expects the innerHTML-assignment pattern, requested
        /// with the JavaScript language flag, to produce exactly one match.
        /// </summary>
        public void Match_JavaScriptAndPhpPatternInsidePhp_MatchedExpected()
        {
            var samplePath = Path.Combine(TestHelper.TestsDataPath, "JavaScriptTestPatternsInsidePhp.php");
            var code = File.ReadAllText(samplePath);

            // NOTE(review): presumably the file embeds JavaScript inside PHP (per its name);
            // the fixture itself is not visible here.
            var found = PatternMatchingUtils.GetMatchings(code, "#.innerHTML=<[\"\"]>", LanguageFlags.JavaScript);

            Assert.AreEqual(1, found.Length);
        }
Esempio n. 3
        /// <summary>
        /// Runs a pattern containing a negated string expression against the Java XXE
        /// sample and expects four matches.
        /// </summary>
        public void Match_PatternWithNegation_CorrectCount()
        {
            var samplePath = Path.Combine(TestHelper.TestsDataPath, "XxeSample.java");
            var javaSource = File.ReadAllText(samplePath);

            // NOTE(review): "~" presumably negates the ".*" string expression, so only
            // parse(...) calls whose argument is not a string literal are reported; confirm
            // against the pattern DSL documentation.
            var negatedPattern = "new XMLUtil().parse(<[~\".*\"]>)";

            var found = PatternMatchingUtils.GetMatchings(javaSource, negatedPattern, Language.Java);

            Assert.AreEqual(4, found.Length);
        }
Esempio n. 4
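        /// <summary>
        /// Runs three JavaScript snippets that pass a string literal to an HTML-injection
        /// sink (an innerHTML assignment, document.write and $()) and expects the pattern
        /// paired with each snippet to report exactly one match.
        /// </summary>
        public void Match_JavaScriptTestPatterns_MatchedExpected()
        {
            // Item1 is the code under analysis, Item2 the pattern that must match it once.
            var jsCodeAndPatterns = new[]
            {
                Tuple.Create("document.body.innerHTML=\"<svg/onload=alert(1)>\"", "#.innerHTML=<[\"\"]>"),
                // The \u003c / \u003d / \u003e escapes stay escaped in the analysed source,
                // so this case covers a sink argument written with Unicode escapes.
                Tuple.Create("document.write(\"\\u003csvg/onload\\u003dalert(1)\\u003e\")", "document.write(<[\"\"]>)"),
                Tuple.Create("$('<svg/onload=alert(1)>')", "$(<[\"\"]>)")
            };

            foreach (var tuple in jsCodeAndPatterns)
            {
                var matchingResults = PatternMatchingUtils.GetMatchings(tuple.Item1, tuple.Item2, Language.JavaScript);

                // Name the failing pair: without a message, a failure inside the loop does
                // not say which sink pattern stopped matching.
                Assert.AreEqual(1, matchingResults.Length,
                                "Pattern '" + tuple.Item2 + "' did not match exactly once in: " + tuple.Item1);
            }
        }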
Esempio n. 5
        /// <summary>
        /// Checks that a pattern only matches when the two language arguments passed to
        /// GetMatchings agree: the JavaScript and PHP patterns each match once with matching
        /// flags and not at all when the flags differ.
        /// </summary>
        public void Match_JavaScriptAndPhpPatternInsidePhp_MatchCorrectPatternDependsOnLanguage()
        {
            // NOTE(review): the third and fourth arguments presumably select the analysed
            // language(s) and the language(s) the pattern applies to; which is which cannot
            // be told from this test, so confirm against the GetMatchings signature.
            var samplePath = Path.Combine(TestHelper.TestsDataPath, "JavaScriptTestPatternsInsidePhp.php");
            var code = File.ReadAllText(samplePath);

            // Same language on both sides: each pattern is reported exactly once.
            var jsOnJs = PatternMatchingUtils.GetMatchings(code, "#.innerHTML=<[\"\"]>",
                                                           LanguageFlags.JavaScript, LanguageFlags.JavaScript);
            Assert.AreEqual(1, jsOnJs.Length);

            var phpOnPhp = PatternMatchingUtils.GetMatchings(code, "<[password]> = null",
                                                             LanguageFlags.Php, LanguageFlags.Php);
            Assert.AreEqual(1, phpOnPhp.Length);

            // Mismatched languages: nothing may be reported, so a rule written for one
            // language does not raise findings in the other.
            var jsPatternMismatch = PatternMatchingUtils.GetMatchings(code, "#.innerHTML=<[\"\"]>",
                                                                      LanguageFlags.Php, LanguageFlags.JavaScript);
            Assert.AreEqual(0, jsPatternMismatch.Length);

            var phpPatternMismatch = PatternMatchingUtils.GetMatchings(code, "<[password]> = null",
                                                                       LanguageFlags.JavaScript, LanguageFlags.Php);
            Assert.AreEqual(0, phpPatternMismatch.Length);
        }